How to Stop ISPs from Spying on your IoT Devices
Botnets are not the only threat to your Internet of Things (IoT) devices: Your internet service provider (ISP) can also detect and track your in-home activities by analyzing internet traffic from smart devices, even when those devices use encryption, according to a paper from Princeton University researchers.
However, the researchers found a simple way to block ISPs from spying on your smart devices: Traffic shaping.Many smart home devices have always-on sensors that capture users’ activities in their home, and transmit information about these activities to cloud services run by the device manufacturers. Devices currently on the market are purchased to record everything from sleeping patterns, exercise routines, medical information, and sexual activity, the researchers noted. And even if a smart home device is not designed to capture private activities, they may still be detected by ISPs. (Read More)
Strengthening CIoT Security with Secure Cellular Network Gateways
Cellular IoT (CIoT) networks can be built using several technologies, including CAT-M1, LTE, Extended Coverage GSM or Narrowband IoT. Different technologies are suited to various IoT use cases, so it’s likely that many operators will build their CIoT networks to support more than one technology for maximum functionality. These networks will connect billions of small devices and other things, many of which are expected to send and receive very little data while consuming minimal power.
To achieve these small data transfers as efficiently as possible, 3GPP, referred to as Non-IP Data Delivery (NIDD) can transmit unstructured data without using an IP stack. This involves the forwarding of data to a Service Capability Exposure Function (SCEF), acting as a sort of network gateway within the 3GPP architecture, which then makes the data available via IP-based APIs. (Read More)
Industrial Cobots are a Different Kind IoT Security Threat
Researchers at IOActive report they have discovered over 50 security vulnerabilities in industrial collaborative robots, or cobots. These are machines that work with people in a variety of settings, and if compromised by a remote hacker, could possibly cause physical harm to them. They could also conceivably be programmed to spy on their surroundings and send data to a remote server, creating a new kind of industrial sabotage.
The researchers, Cesar Cerrudo and Lucas Apa, wrote in a blog post that the industrial cobots can be remotely tampered with to remove safety configurations that prevent them from operating outside of designated safety boundaries and that protocols are not in place. They began their research in February and published a paper today that complements it. (Read More)